fossar / selfoss

multipurpose rss reader, live stream, mashup, aggregation web application
https://selfoss.aditu.de
GNU General Public License v3.0
2.38k stars 345 forks source link

helpers\WebClient: Add support for Digest authentication method #1487

Open jtojnar opened 4 months ago

jtojnar commented 4 months ago

We use curl Guzzle backend to make HTTP requests. When credentials are given in the URI, curl will send them in the request using Basic authentication method. Since the Basic method is deprecated, some servers require e.g. Digest instead. selfoss did not support that.

Let’s make selfoss use any HTTP authentication method the server offers in the WWW-Authenticate header using the CURLAUTH_ANY flag. This will make curl perform one extra GET request (only when credentials are provided) to obtain the authentication challenge.

One downside is that authentication will no longer be attempted if the challenge response does not return 401 Unauthorized and WWW-Authenticate header. I can imagine a website that would return 200 OK and a feed only containing public data when no credentials are provided, private data only being included when the request contains Authorization header with credentials for the unadvertised Basic auth. This patch would silently change such feeds to the public mode.

We are using CURLAUTH_ANY instead of CURLAUTH_ANYSAFE since some sites still only support Basic auth. Either flag will still choose the best available authentication method so it will be strictly better than the default CURLAUTH_BASIC.

Fixes: https://github.com/fossar/selfoss/issues/1486

netlify[bot] commented 4 months ago

Deploy Preview for selfoss canceled.

Name Link
Latest commit 014b88038a939652e99a123bfb1777c7c1354522
Latest deploy log https://app.netlify.com/sites/selfoss/deploys/668510df1c497300084b6d16